On Fri, 28 Feb 2020 18:49:58 -0800, Mr. Lee Chiffre wrote: [snip] > I am a python noob. This is why I ask the python masters. There is a > python software I want to install on the server it is called Electrumx. > https://github.com/kyuupichan/electrumx is the link. I am having troubles > with installing this. > The short version is I am wanting to build this python application and > needed dependencies from source code all from a local directory without > relying on the python pip package servers. I only run software I can > compile from source code because this is the only way to trust open source > software. I also want to archive the software I use and be able to install > it on systems in a grid down situation without relying on other servers > such as python package servers.
(To make OP's requirements plainly visible, note that this appears to be a cryptocurrency application.) I'd suggest that building everything from source code might not be a realistic solution to your security concerns. I don't know what your threat model is, but if it's something like, "Hackers and gangsters who scatter password-harvesting trojans across the globe and then shlurp up what they can," you might find that you get better security by generating your keys on a computer that never communicates with the outside world. Your concerns are (1) that the random numbers from which your keys have been corrupted to make them predictable, or (2) that malicious software will send your keys to the bad guys. Isolating the key-generation machine takes care of #2. If you have Python code for generating keys, something as simple as XORing a fixed value of your choice with its random numbers will take care of #1. I admit that using an isolated machine introduces a lot of inconveniences, but I bet it compares favorably with building everything from source. -- To email me, substitute nowhere->runbox, invalid->com. -- https://mail.python.org/mailman/listinfo/python-list
